3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
94 AC_ARG_WITH(stackprotect,
95 [ --without-stackprotect Don't use compiler's stack protection], [
96 if test "x$withval" = "xno"; then
100 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
101 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
102 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
104 1.*) no_attrib_nonnull=1 ;;
106 CFLAGS="$CFLAGS -Wsign-compare"
109 2.*) no_attrib_nonnull=1 ;;
110 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;;
111 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security" ;;
115 AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
116 saved_CFLAGS="$CFLAGS"
117 CFLAGS="$CFLAGS -fno-builtin-memset"
118 AC_LINK_IFELSE( [AC_LANG_SOURCE([[
120 int main(void){char b[10]; memset(b, 0, sizeof(b));}
122 [ AC_MSG_RESULT(yes) ],
124 CFLAGS="$saved_CFLAGS" ]
127 # -fstack-protector-all doesn't always work for some GCC versions
128 # and/or platforms, so we test if we can. If it's not supported
129 # on a given platform gcc will emit a warning so we use -Werror.
130 if test "x$use_stack_protector" = "x1"; then
131 for t in -fstack-protector-all -fstack-protector; do
132 AC_MSG_CHECKING(if $CC supports $t)
133 saved_CFLAGS="$CFLAGS"
134 saved_LDFLAGS="$LDFLAGS"
135 CFLAGS="$CFLAGS $t -Werror"
136 LDFLAGS="$LDFLAGS $t -Werror"
140 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
143 CFLAGS="$saved_CFLAGS $t"
144 LDFLAGS="$saved_LDFLAGS $t"
145 AC_MSG_CHECKING(if $t works)
149 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
153 [ AC_MSG_RESULT(no) ],
154 [ AC_MSG_WARN([cross compiling: cannot test])
158 [ AC_MSG_RESULT(no) ]
160 CFLAGS="$saved_CFLAGS"
161 LDFLAGS="$saved_LDFLAGS"
165 if test -z "$have_llong_max"; then
166 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
167 unset ac_cv_have_decl_LLONG_MAX
168 saved_CFLAGS="$CFLAGS"
169 CFLAGS="$CFLAGS -std=gnu99"
170 AC_CHECK_DECL(LLONG_MAX,
172 [CFLAGS="$saved_CFLAGS"],
173 [#include <limits.h>]
178 if test "x$no_attrib_nonnull" != "x1" ; then
179 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
183 [ --without-rpath Disable auto-added -R linker paths],
185 if test "x$withval" = "xno" ; then
188 if test "x$withval" = "xyes" ; then
194 # Allow user to specify flags
196 [ --with-cflags Specify additional flags to pass to compiler],
198 if test -n "$withval" && test "x$withval" != "xno" && \
199 test "x${withval}" != "xyes"; then
200 CFLAGS="$CFLAGS $withval"
204 AC_ARG_WITH(cppflags,
205 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
207 if test -n "$withval" && test "x$withval" != "xno" && \
208 test "x${withval}" != "xyes"; then
209 CPPFLAGS="$CPPFLAGS $withval"
214 [ --with-ldflags Specify additional flags to pass to linker],
216 if test -n "$withval" && test "x$withval" != "xno" && \
217 test "x${withval}" != "xyes"; then
218 LDFLAGS="$LDFLAGS $withval"
223 [ --with-libs Specify additional libraries to link with],
225 if test -n "$withval" && test "x$withval" != "xno" && \
226 test "x${withval}" != "xyes"; then
227 LIBS="$LIBS $withval"
232 [ --with-Werror Build main code with -Werror],
234 if test -n "$withval" && test "x$withval" != "xno"; then
235 werror_flags="-Werror"
236 if test "x${withval}" != "xyes"; then
237 werror_flags="$withval"
269 security/pam_appl.h \
309 # lastlog.h requires sys/time.h to be included first on Solaris
310 AC_CHECK_HEADERS(lastlog.h, [], [], [
311 #ifdef HAVE_SYS_TIME_H
312 # include <sys/time.h>
316 # sys/ptms.h requires sys/stream.h to be included first on Solaris
317 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
318 #ifdef HAVE_SYS_STREAM_H
319 # include <sys/stream.h>
323 # login_cap.h requires sys/types.h on NetBSD
324 AC_CHECK_HEADERS(login_cap.h, [], [], [
325 #include <sys/types.h>
328 # older BSDs need sys/param.h before sys/mount.h
329 AC_CHECK_HEADERS(sys/mount.h, [], [], [
330 #include <sys/param.h>
333 # Messages for features tested for in target-specific section
337 # Check for some target-specific stuff
340 # Some versions of VAC won't allow macro redefinitions at
341 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
342 # particularly with older versions of vac or xlc.
343 # It also throws errors about null macro argments, but these are
345 AC_MSG_CHECKING(if compiler allows macro redefinitions)
348 #define testmacro foo
349 #define testmacro bar
350 int main(void) { exit(0); }
352 [ AC_MSG_RESULT(yes) ],
354 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
355 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
356 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
357 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
361 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
362 if (test -z "$blibpath"); then
363 blibpath="/usr/lib:/lib"
365 saved_LDFLAGS="$LDFLAGS"
366 if test "$GCC" = "yes"; then
367 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
369 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
371 for tryflags in $flags ;do
372 if (test -z "$blibflags"); then
373 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
374 AC_TRY_LINK([], [], [blibflags=$tryflags])
377 if (test -z "$blibflags"); then
378 AC_MSG_RESULT(not found)
379 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
381 AC_MSG_RESULT($blibflags)
383 LDFLAGS="$saved_LDFLAGS"
384 dnl Check for authenticate. Might be in libs.a on older AIXes
385 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
386 [Define if you want to enable AIX4's authenticate function])],
387 [AC_CHECK_LIB(s,authenticate,
388 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
392 dnl Check for various auth function declarations in headers.
393 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
394 passwdexpired, setauthdb], , , [#include <usersec.h>])
395 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
396 AC_CHECK_DECLS(loginfailed,
397 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
399 [#include <usersec.h>],
400 [(void)loginfailed("user","host","tty",0);],
402 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
403 [Define if your AIX loginfailed() function
404 takes 4 arguments (AIX >= 5.2)])],
408 [#include <usersec.h>]
410 AC_CHECK_FUNCS(getgrset setauthdb)
411 AC_CHECK_DECL(F_CLOSEM,
412 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
414 [ #include <limits.h>
417 check_for_aix_broken_getaddrinfo=1
418 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
419 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
420 [Define if your platform breaks doing a seteuid before a setuid])
421 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
422 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
423 dnl AIX handles lastlog as part of its login message
424 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
425 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
426 [Some systems need a utmpx entry for /bin/login to work])
427 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
428 [Define to a Set Process Title type if your system is
429 supported by bsd-setproctitle.c])
430 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
431 [AIX 5.2 and 5.3 (and presumably newer) require this])
432 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
435 check_for_libcrypt_later=1
436 LIBS="$LIBS /usr/lib/textreadmode.o"
437 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
438 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
439 AC_DEFINE(DISABLE_SHADOW, 1,
440 [Define if you want to disable shadow passwords])
441 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
442 [Define if X11 doesn't support AF_UNIX sockets on that system])
443 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
444 [Define if the concept of ports only accessible to
445 superusers isn't known])
446 AC_DEFINE(DISABLE_FD_PASSING, 1,
447 [Define if your platform needs to skip post auth
448 file descriptor passing])
449 AC_DEFINE(SSH_IOBUFSZ, 65536, [Windows is sensitive to read buffer size])
452 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
453 [Define if your system choked on IP TOS setting])
454 AC_DEFINE(SETEUID_BREAKS_SETUID)
455 AC_DEFINE(BROKEN_SETREUID)
456 AC_DEFINE(BROKEN_SETREGID)
459 AC_MSG_CHECKING(if we have working getaddrinfo)
460 AC_TRY_RUN([#include <mach-o/dyld.h>
461 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
465 }], [AC_MSG_RESULT(working)],
466 [AC_MSG_RESULT(buggy)
467 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
468 [AC_MSG_RESULT(assume it is working)])
469 AC_DEFINE(SETEUID_BREAKS_SETUID)
470 AC_DEFINE(BROKEN_SETREUID)
471 AC_DEFINE(BROKEN_SETREGID)
472 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
473 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
474 [Define if your resolver libs need this for getrrsetbyname])
475 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
476 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
477 [Use tunnel device compatibility to OpenBSD])
478 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
479 [Prepend the address family to IP tunnel traffic])
480 m4_pattern_allow(AU_IPv)
481 AC_CHECK_DECL(AU_IPv4, [],
482 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
483 [#include <bsm/audit.h>]
484 AC_DEFINE(LASTLOG_WRITE_PUTUTXLINE, 1,
485 [Define if pututxline updates lastlog too])
489 SSHDLIBS="$SSHDLIBS -lcrypt"
492 # first we define all of the options common to all HP-UX releases
493 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
494 IPADDR_IN_DISPLAY=yes
496 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
497 [Define if your login program cannot handle end of options ("--")])
498 AC_DEFINE(LOGIN_NEEDS_UTMPX)
499 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
500 [String used in /etc/passwd to denote locked account])
501 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
502 MAIL="/var/mail/username"
504 AC_CHECK_LIB(xnet, t_error, ,
505 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
507 # next, we define all of the options specific to major releases
510 if test -z "$GCC"; then
515 AC_DEFINE(PAM_SUN_CODEBASE, 1,
516 [Define if you are using Solaris-derived PAM which
517 passes pam_messages to the conversation function
518 with an extra level of indirection])
519 AC_DEFINE(DISABLE_UTMP, 1,
520 [Define if you don't want to use utmp])
521 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
522 check_for_hpux_broken_getaddrinfo=1
523 check_for_conflicting_getspnam=1
527 # lastly, we define options specific to minor releases
530 AC_DEFINE(HAVE_SECUREWARE, 1,
531 [Define if you have SecureWare-based
532 protected password database])
533 disable_ptmx_check=yes
539 PATH="$PATH:/usr/etc"
540 AC_DEFINE(BROKEN_INET_NTOA, 1,
541 [Define if you system's inet_ntoa is busted
542 (e.g. Irix gcc issue)])
543 AC_DEFINE(SETEUID_BREAKS_SETUID)
544 AC_DEFINE(BROKEN_SETREUID)
545 AC_DEFINE(BROKEN_SETREGID)
546 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
547 [Define if you shouldn't strip 'tty' from your
549 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
552 PATH="$PATH:/usr/etc"
553 AC_DEFINE(WITH_IRIX_ARRAY, 1,
554 [Define if you have/want arrays
555 (cluster-wide session managment, not C arrays)])
556 AC_DEFINE(WITH_IRIX_PROJECT, 1,
557 [Define if you want IRIX project management])
558 AC_DEFINE(WITH_IRIX_AUDIT, 1,
559 [Define if you want IRIX audit trails])
560 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
561 [Define if you want IRIX kernel jobs])])
562 AC_DEFINE(BROKEN_INET_NTOA)
563 AC_DEFINE(SETEUID_BREAKS_SETUID)
564 AC_DEFINE(BROKEN_SETREUID)
565 AC_DEFINE(BROKEN_SETREGID)
566 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
567 AC_DEFINE(WITH_ABBREV_NO_TTY)
568 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
570 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
571 check_for_libcrypt_later=1
572 AC_DEFINE(PAM_TTY_KLUDGE)
573 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
574 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
575 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
576 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
580 check_for_libcrypt_later=1
581 check_for_openpty_ctty_bug=1
582 AC_DEFINE(PAM_TTY_KLUDGE, 1,
583 [Work around problematic Linux PAM modules handling of PAM_TTY])
584 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
585 [String used in /etc/passwd to denote locked account])
586 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
587 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
588 [Define to whatever link() returns for "not supported"
589 if it doesn't return EOPNOTSUPP.])
590 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
592 AC_DEFINE(LINUX_OOM_ADJUST, 1, [Adjust Linux out-of-memory killer])
593 inet6_default_4in6=yes
596 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
597 [Define if cmsg_type is not passed correctly])
600 # tun(4) forwarding compat code
601 AC_CHECK_HEADERS(linux/if_tun.h)
602 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
603 AC_DEFINE(SSH_TUN_LINUX, 1,
604 [Open tunnel devices the Linux tun/tap way])
605 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
606 [Use tunnel device compatibility to OpenBSD])
607 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
608 [Prepend the address family to IP tunnel traffic])
611 mips-sony-bsd|mips-sony-newsos4)
612 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
616 check_for_libcrypt_before=1
617 if test "x$withval" != "xno" ; then
620 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
621 AC_CHECK_HEADER([net/if_tap.h], ,
622 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
623 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
624 [Prepend the address family to IP tunnel traffic])
627 check_for_libcrypt_later=1
628 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
629 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
630 AC_CHECK_HEADER([net/if_tap.h], ,
631 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
632 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
635 AC_DEFINE(SETEUID_BREAKS_SETUID)
636 AC_DEFINE(BROKEN_SETREUID)
637 AC_DEFINE(BROKEN_SETREGID)
640 conf_lastlog_location="/usr/adm/lastlog"
641 conf_utmp_location=/etc/utmp
642 conf_wtmp_location=/usr/adm/wtmp
644 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
645 AC_DEFINE(BROKEN_REALPATH)
647 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
650 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
651 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
652 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
653 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
654 [syslog_r function is safe to use in in a signal handler])
657 if test "x$withval" != "xno" ; then
660 AC_DEFINE(PAM_SUN_CODEBASE)
661 AC_DEFINE(LOGIN_NEEDS_UTMPX)
662 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
663 [Some versions of /bin/login need the TERM supplied
665 AC_DEFINE(PAM_TTY_KLUDGE)
666 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
667 [Define if pam_chauthtok wants real uid set
668 to the unpriv'ed user])
669 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
670 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
671 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
672 [Define if sshd somehow reacquires a controlling TTY
674 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
675 in case the name is longer than 8 chars])
676 AC_DEFINE(BROKEN_TCGETATTR_ICANON, 1, [tcgetattr with ICANON may hang])
677 external_path_file=/etc/default/login
678 # hardwire lastlog location (can't detect it on some versions)
679 conf_lastlog_location="/var/adm/lastlog"
680 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
681 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
682 if test "$sol2ver" -ge 8; then
684 AC_DEFINE(DISABLE_UTMP)
685 AC_DEFINE(DISABLE_WTMP, 1,
686 [Define if you don't want to use wtmp])
690 AC_ARG_WITH(solaris-contracts,
691 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
693 AC_CHECK_LIB(contract, ct_tmpl_activate,
694 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
695 [Define if you have Solaris process contracts])
696 SSHDLIBS="$SSHDLIBS -lcontract"
703 CPPFLAGS="$CPPFLAGS -DSUNOS4"
704 AC_CHECK_FUNCS(getpwanam)
705 AC_DEFINE(PAM_SUN_CODEBASE)
706 conf_utmp_location=/etc/utmp
707 conf_wtmp_location=/var/adm/wtmp
708 conf_lastlog_location=/var/adm/lastlog
714 AC_DEFINE(SSHD_ACQUIRES_CTTY)
715 AC_DEFINE(SETEUID_BREAKS_SETUID)
716 AC_DEFINE(BROKEN_SETREUID)
717 AC_DEFINE(BROKEN_SETREGID)
720 # /usr/ucblib MUST NOT be searched on ReliantUNIX
721 AC_CHECK_LIB(dl, dlsym, ,)
722 # -lresolv needs to be at the end of LIBS or DNS lookups break
723 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
724 IPADDR_IN_DISPLAY=yes
726 AC_DEFINE(IP_TOS_IS_BROKEN)
727 AC_DEFINE(SETEUID_BREAKS_SETUID)
728 AC_DEFINE(BROKEN_SETREUID)
729 AC_DEFINE(BROKEN_SETREGID)
730 AC_DEFINE(SSHD_ACQUIRES_CTTY)
731 external_path_file=/etc/default/login
732 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
733 # Attention: always take care to bind libsocket and libnsl before libc,
734 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
736 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
739 AC_DEFINE(SETEUID_BREAKS_SETUID)
740 AC_DEFINE(BROKEN_SETREUID)
741 AC_DEFINE(BROKEN_SETREGID)
742 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
743 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
745 # UnixWare 7.x, OpenUNIX 8
747 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
749 AC_DEFINE(SETEUID_BREAKS_SETUID)
750 AC_DEFINE(BROKEN_GETADDRINFO)
751 AC_DEFINE(BROKEN_SETREUID)
752 AC_DEFINE(BROKEN_SETREGID)
753 AC_DEFINE(PASSWD_NEEDS_USERNAME)
755 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
756 TEST_SHELL=/u95/bin/sh
757 AC_DEFINE(BROKEN_LIBIAF, 1,
758 [ia_uinfo routines not supported by OS yet])
759 AC_DEFINE(BROKEN_UPDWTMPX)
760 AC_CHECK_LIB(prot, getluid,[ LIBS="$LIBS -lprot"
761 AC_CHECK_FUNCS(getluid setluid,,,-lprot)
762 AC_DEFINE(HAVE_SECUREWARE)
763 AC_DEFINE(DISABLE_SHADOW)
766 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
767 check_for_libcrypt_later=1
773 # SCO UNIX and OEM versions of SCO UNIX
775 AC_MSG_ERROR("This Platform is no longer supported.")
779 if test -z "$GCC"; then
780 CFLAGS="$CFLAGS -belf"
782 LIBS="$LIBS -lprot -lx -ltinfo -lm"
785 AC_DEFINE(HAVE_SECUREWARE)
786 AC_DEFINE(DISABLE_SHADOW)
787 AC_DEFINE(DISABLE_FD_PASSING)
788 AC_DEFINE(SETEUID_BREAKS_SETUID)
789 AC_DEFINE(BROKEN_GETADDRINFO)
790 AC_DEFINE(BROKEN_SETREUID)
791 AC_DEFINE(BROKEN_SETREGID)
792 AC_DEFINE(WITH_ABBREV_NO_TTY)
793 AC_DEFINE(BROKEN_UPDWTMPX)
794 AC_DEFINE(PASSWD_NEEDS_USERNAME)
795 AC_CHECK_FUNCS(getluid setluid)
800 AC_DEFINE(NO_SSH_LASTLOG, 1,
801 [Define if you don't want to use lastlog in session.c])
802 AC_DEFINE(SETEUID_BREAKS_SETUID)
803 AC_DEFINE(BROKEN_SETREUID)
804 AC_DEFINE(BROKEN_SETREGID)
806 AC_DEFINE(DISABLE_FD_PASSING)
808 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
812 AC_DEFINE(SETEUID_BREAKS_SETUID)
813 AC_DEFINE(BROKEN_SETREUID)
814 AC_DEFINE(BROKEN_SETREGID)
815 AC_DEFINE(WITH_ABBREV_NO_TTY)
817 AC_DEFINE(DISABLE_FD_PASSING)
819 LIBS="$LIBS -lgen -lacid -ldb"
823 AC_DEFINE(SETEUID_BREAKS_SETUID)
824 AC_DEFINE(BROKEN_SETREUID)
825 AC_DEFINE(BROKEN_SETREGID)
827 AC_DEFINE(DISABLE_FD_PASSING)
828 AC_DEFINE(NO_SSH_LASTLOG)
829 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
830 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
834 AC_MSG_CHECKING(for Digital Unix SIA)
837 [ --with-osfsia Enable Digital Unix SIA],
839 if test "x$withval" = "xno" ; then
840 AC_MSG_RESULT(disabled)
845 if test -z "$no_osfsia" ; then
846 if test -f /etc/sia/matrix.conf; then
848 AC_DEFINE(HAVE_OSF_SIA, 1,
849 [Define if you have Digital Unix Security
850 Integration Architecture])
851 AC_DEFINE(DISABLE_LOGIN, 1,
852 [Define if you don't want to use your
853 system's login() call])
854 AC_DEFINE(DISABLE_FD_PASSING)
855 LIBS="$LIBS -lsecurity -ldb -lm -laud"
859 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
860 [String used in /etc/passwd to denote locked account])
863 AC_DEFINE(BROKEN_GETADDRINFO)
864 AC_DEFINE(SETEUID_BREAKS_SETUID)
865 AC_DEFINE(BROKEN_SETREUID)
866 AC_DEFINE(BROKEN_SETREGID)
867 AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
872 AC_DEFINE(NO_X11_UNIX_SOCKETS)
873 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
874 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
875 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
876 AC_DEFINE(DISABLE_LASTLOG)
877 AC_DEFINE(SSHD_ACQUIRES_CTTY)
878 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
879 enable_etc_default_login=no # has incompatible /etc/default/login
882 AC_DEFINE(DISABLE_FD_PASSING)
888 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
889 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
890 AC_DEFINE(NEED_SETPGRP)
891 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
895 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
896 AC_DEFINE(MISSING_HOWMANY)
897 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
901 AC_MSG_CHECKING(compiler and flags for sanity)
907 [ AC_MSG_RESULT(yes) ],
910 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
912 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
915 dnl Checks for header files.
916 # Checks for libraries.
917 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
918 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
920 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
921 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
922 AC_CHECK_LIB(gen, dirname,[
923 AC_CACHE_CHECK([for broken dirname],
924 ac_cv_have_broken_dirname, [
932 int main(int argc, char **argv) {
935 strncpy(buf,"/etc", 32);
937 if (!s || strncmp(s, "/", 32) != 0) {
944 [ ac_cv_have_broken_dirname="no" ],
945 [ ac_cv_have_broken_dirname="yes" ],
946 [ ac_cv_have_broken_dirname="no" ],
950 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
952 AC_DEFINE(HAVE_DIRNAME)
953 AC_CHECK_HEADERS(libgen.h)
958 AC_CHECK_FUNC(getspnam, ,
959 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
960 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
961 [Define if you have the basename function.]))
965 [ --with-zlib=PATH Use zlib in PATH],
966 [ if test "x$withval" = "xno" ; then
967 AC_MSG_ERROR([*** zlib is required ***])
968 elif test "x$withval" != "xyes"; then
969 if test -d "$withval/lib"; then
970 if test -n "${need_dash_r}"; then
971 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
973 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
976 if test -n "${need_dash_r}"; then
977 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
979 LDFLAGS="-L${withval} ${LDFLAGS}"
982 if test -d "$withval/include"; then
983 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
985 CPPFLAGS="-I${withval} ${CPPFLAGS}"
990 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
991 AC_CHECK_LIB(z, deflate, ,
993 saved_CPPFLAGS="$CPPFLAGS"
994 saved_LDFLAGS="$LDFLAGS"
996 dnl Check default zlib install dir
997 if test -n "${need_dash_r}"; then
998 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1000 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1002 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1004 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
1006 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1012 AC_ARG_WITH(zlib-version-check,
1013 [ --without-zlib-version-check Disable zlib version check],
1014 [ if test "x$withval" = "xno" ; then
1015 zlib_check_nonfatal=1
1020 AC_MSG_CHECKING(for possibly buggy zlib)
1021 AC_RUN_IFELSE([AC_LANG_SOURCE([[
1026 int a=0, b=0, c=0, d=0, n, v;
1027 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1028 if (n != 3 && n != 4)
1030 v = a*1000000 + b*10000 + c*100 + d;
1031 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1034 if (a == 1 && b == 1 && c >= 4)
1037 /* 1.2.3 and up are OK */
1045 [ AC_MSG_RESULT(yes)
1046 if test -z "$zlib_check_nonfatal" ; then
1047 AC_MSG_ERROR([*** zlib too old - check config.log ***
1048 Your reported zlib version has known security problems. It's possible your
1049 vendor has fixed these problems without changing the version number. If you
1050 are sure this is the case, you can disable the check by running
1051 "./configure --without-zlib-version-check".
1052 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1053 See http://www.gzip.org/zlib/ for details.])
1055 AC_MSG_WARN([zlib version may have security problems])
1058 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1062 AC_CHECK_FUNC(strcasecmp,
1063 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1065 AC_CHECK_FUNCS(utimes,
1066 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1067 LIBS="$LIBS -lc89"]) ]
1070 dnl Checks for libutil functions
1071 AC_CHECK_HEADERS(libutil.h)
1072 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1073 [Define if your libraries define login()])])
1074 AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
1078 # Check for ALTDIRFUNC glob() extension
1079 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1080 AC_EGREP_CPP(FOUNDIT,
1083 #ifdef GLOB_ALTDIRFUNC
1088 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1089 [Define if your system glob() function has
1090 the GLOB_ALTDIRFUNC extension])
1098 # Check for g.gl_matchc glob() extension
1099 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1101 [ #include <glob.h> ],
1102 [glob_t g; g.gl_matchc = 1;],
1104 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1105 [Define if your system glob() function has
1106 gl_matchc options in glob_t])
1114 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1116 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1119 #include <sys/types.h>
1121 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1123 [AC_MSG_RESULT(yes)],
1126 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1127 [Define if your struct dirent expects you to
1128 allocate extra space for d_name])
1131 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1132 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1136 AC_MSG_CHECKING([for /proc/pid/fd directory])
1137 if test -d "/proc/$$/fd" ; then
1138 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1144 # Check whether user wants S/Key support
1147 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1149 if test "x$withval" != "xno" ; then
1151 if test "x$withval" != "xyes" ; then
1152 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1153 LDFLAGS="$LDFLAGS -L${withval}/lib"
1156 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1160 AC_MSG_CHECKING([for s/key support])
1165 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1167 [AC_MSG_RESULT(yes)],
1170 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1172 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1176 [(void)skeychallenge(NULL,"name","",0);],
1178 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1179 [Define if your skeychallenge()
1180 function takes 4 arguments (NetBSD)])],
1187 # Check whether user wants TCP wrappers support
1189 AC_ARG_WITH(tcp-wrappers,
1190 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1192 if test "x$withval" != "xno" ; then
1194 saved_LDFLAGS="$LDFLAGS"
1195 saved_CPPFLAGS="$CPPFLAGS"
1196 if test -n "${withval}" && \
1197 test "x${withval}" != "xyes"; then
1198 if test -d "${withval}/lib"; then
1199 if test -n "${need_dash_r}"; then
1200 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1202 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1205 if test -n "${need_dash_r}"; then
1206 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1208 LDFLAGS="-L${withval} ${LDFLAGS}"
1211 if test -d "${withval}/include"; then
1212 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1214 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1218 AC_MSG_CHECKING(for libwrap)
1221 #include <sys/types.h>
1222 #include <sys/socket.h>
1223 #include <netinet/in.h>
1225 int deny_severity = 0, allow_severity = 0;
1230 AC_DEFINE(LIBWRAP, 1,
1232 TCP Wrappers support])
1233 SSHDLIBS="$SSHDLIBS -lwrap"
1237 AC_MSG_ERROR([*** libwrap missing])
1245 # Check whether user wants libedit support
1247 AC_ARG_WITH(libedit,
1248 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1249 [ if test "x$withval" != "xno" ; then
1250 if test "x$withval" != "xyes"; then
1251 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1252 if test -n "${need_dash_r}"; then
1253 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1255 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1258 AC_CHECK_LIB(edit, el_init,
1259 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1260 LIBEDIT="-ledit -lcurses"
1264 [ AC_MSG_ERROR(libedit not found) ],
1267 AC_MSG_CHECKING(if libedit version is compatible)
1270 #include <histedit.h>
1274 el_init("", NULL, NULL, NULL);
1278 [ AC_MSG_RESULT(yes) ],
1280 AC_MSG_ERROR(libedit version is not compatible) ]
1287 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1289 AC_MSG_CHECKING(for supported audit module)
1294 dnl Checks for headers, libs and functions
1295 AC_CHECK_HEADERS(bsm/audit.h, [],
1296 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1303 AC_CHECK_LIB(bsm, getaudit, [],
1304 [AC_MSG_ERROR(BSM enabled and required library not found)])
1305 AC_CHECK_FUNCS(getaudit, [],
1306 [AC_MSG_ERROR(BSM enabled and required function not found)])
1307 # These are optional
1308 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1309 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1313 AC_MSG_RESULT(debug)
1314 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1320 AC_MSG_ERROR([Unknown audit module $withval])
1325 dnl Checks for library functions. Please keep in alphabetical order
1329 arc4random_uniform \
1422 # IRIX has a const char return value for gai_strerror()
1423 AC_CHECK_FUNCS(gai_strerror,[
1424 AC_DEFINE(HAVE_GAI_STRERROR)
1426 #include <sys/types.h>
1427 #include <sys/socket.h>
1430 const char *gai_strerror(int);],[
1433 str = gai_strerror(0);],[
1434 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1435 [Define if gai_strerror() returns const char *])])])
1437 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1438 [Some systems put nanosleep outside of libc]))
1440 dnl Make sure prototypes are defined for these before using them.
1441 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1442 AC_CHECK_DECL(strsep,
1443 [AC_CHECK_FUNCS(strsep)],
1446 #ifdef HAVE_STRING_H
1447 # include <string.h>
1451 dnl tcsendbreak might be a macro
1452 AC_CHECK_DECL(tcsendbreak,
1453 [AC_DEFINE(HAVE_TCSENDBREAK)],
1454 [AC_CHECK_FUNCS(tcsendbreak)],
1455 [#include <termios.h>]
1458 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1460 AC_CHECK_DECLS(SHUT_RD, , ,
1462 #include <sys/types.h>
1463 #include <sys/socket.h>
1466 AC_CHECK_DECLS(O_NONBLOCK, , ,
1468 #include <sys/types.h>
1469 #ifdef HAVE_SYS_STAT_H
1470 # include <sys/stat.h>
1477 AC_CHECK_DECLS(writev, , , [
1478 #include <sys/types.h>
1479 #include <sys/uio.h>
1483 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1484 #include <sys/param.h>
1487 AC_CHECK_DECLS(offsetof, , , [
1491 AC_CHECK_FUNCS(setresuid, [
1492 dnl Some platorms have setresuid that isn't implemented, test for this
1493 AC_MSG_CHECKING(if setresuid seems to work)
1498 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1500 [AC_MSG_RESULT(yes)],
1501 [AC_DEFINE(BROKEN_SETRESUID, 1,
1502 [Define if your setresuid() is broken])
1503 AC_MSG_RESULT(not implemented)],
1504 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1508 AC_CHECK_FUNCS(setresgid, [
1509 dnl Some platorms have setresgid that isn't implemented, test for this
1510 AC_MSG_CHECKING(if setresgid seems to work)
1515 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1517 [AC_MSG_RESULT(yes)],
1518 [AC_DEFINE(BROKEN_SETRESGID, 1,
1519 [Define if your setresgid() is broken])
1520 AC_MSG_RESULT(not implemented)],
1521 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1525 dnl Checks for time functions
1526 AC_CHECK_FUNCS(gettimeofday time)
1527 dnl Checks for utmp functions
1528 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1529 AC_CHECK_FUNCS(utmpname)
1530 dnl Checks for utmpx functions
1531 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1532 AC_CHECK_FUNCS(setutxent utmpxname)
1533 dnl Checks for lastlog functions
1534 AC_CHECK_FUNCS(getlastlogxbyname)
1536 AC_CHECK_FUNC(daemon,
1537 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1538 [AC_CHECK_LIB(bsd, daemon,
1539 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1542 AC_CHECK_FUNC(getpagesize,
1543 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1544 [Define if your libraries define getpagesize()])],
1545 [AC_CHECK_LIB(ucb, getpagesize,
1546 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1549 # Check for broken snprintf
1550 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1551 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1555 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1557 [AC_MSG_RESULT(yes)],
1560 AC_DEFINE(BROKEN_SNPRINTF, 1,
1561 [Define if your snprintf is busted])
1562 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1564 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1568 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1569 # returning the right thing on overflow: the number of characters it tried to
1570 # create (as per SUSv3)
1571 if test "x$ac_cv_func_asprintf" != "xyes" && \
1572 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1573 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1576 #include <sys/types.h>
1580 int x_snprintf(char *str,size_t count,const char *fmt,...)
1582 size_t ret; va_list ap;
1583 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1589 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1591 [AC_MSG_RESULT(yes)],
1594 AC_DEFINE(BROKEN_SNPRINTF, 1,
1595 [Define if your snprintf is busted])
1596 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1598 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1602 # On systems where [v]snprintf is broken, but is declared in stdio,
1603 # check that the fmt argument is const char * or just char *.
1604 # This is only useful for when BROKEN_SNPRINTF
1605 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1606 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1607 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1608 int main(void) { snprintf(0, 0, 0); }
1611 AC_DEFINE(SNPRINTF_CONST, [const],
1612 [Define as const if snprintf() can declare const char *fmt])],
1614 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1616 # Check for missing getpeereid (or equiv) support
1618 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1619 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1621 [#include <sys/types.h>
1622 #include <sys/socket.h>],
1623 [int i = SO_PEERCRED;],
1624 [ AC_MSG_RESULT(yes)
1625 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1632 dnl see whether mkstemp() requires XXXXXX
1633 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1634 AC_MSG_CHECKING([for (overly) strict mkstemp])
1638 main() { char template[]="conftest.mkstemp-test";
1639 if (mkstemp(template) == -1)
1641 unlink(template); exit(0);
1649 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1653 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1658 dnl make sure that openpty does not reacquire controlling terminal
1659 if test ! -z "$check_for_openpty_ctty_bug"; then
1660 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1664 #include <sys/fcntl.h>
1665 #include <sys/types.h>
1666 #include <sys/wait.h>
1672 int fd, ptyfd, ttyfd, status;
1675 if (pid < 0) { /* failed */
1677 } else if (pid > 0) { /* parent */
1678 waitpid(pid, &status, 0);
1679 if (WIFEXITED(status))
1680 exit(WEXITSTATUS(status));
1683 } else { /* child */
1684 close(0); close(1); close(2);
1686 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1687 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1689 exit(3); /* Acquired ctty: broken */
1691 exit(0); /* Did not acquire ctty: OK */
1700 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1703 AC_MSG_RESULT(cross-compiling, assuming yes)
1708 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1709 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1710 AC_MSG_CHECKING(if getaddrinfo seems to work)
1714 #include <sys/socket.h>
1717 #include <netinet/in.h>
1719 #define TEST_PORT "2222"
1725 struct addrinfo *gai_ai, *ai, hints;
1726 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1728 memset(&hints, 0, sizeof(hints));
1729 hints.ai_family = PF_UNSPEC;
1730 hints.ai_socktype = SOCK_STREAM;
1731 hints.ai_flags = AI_PASSIVE;
1733 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1735 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1739 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1740 if (ai->ai_family != AF_INET6)
1743 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1744 sizeof(ntop), strport, sizeof(strport),
1745 NI_NUMERICHOST|NI_NUMERICSERV);
1748 if (err == EAI_SYSTEM)
1749 perror("getnameinfo EAI_SYSTEM");
1751 fprintf(stderr, "getnameinfo failed: %s\n",
1756 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1759 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1772 AC_DEFINE(BROKEN_GETADDRINFO)
1775 AC_MSG_RESULT(cross-compiling, assuming yes)
1780 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1781 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1782 AC_MSG_CHECKING(if getaddrinfo seems to work)
1786 #include <sys/socket.h>
1789 #include <netinet/in.h>
1791 #define TEST_PORT "2222"
1797 struct addrinfo *gai_ai, *ai, hints;
1798 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1800 memset(&hints, 0, sizeof(hints));
1801 hints.ai_family = PF_UNSPEC;
1802 hints.ai_socktype = SOCK_STREAM;
1803 hints.ai_flags = AI_PASSIVE;
1805 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1807 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1811 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1812 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1815 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1816 sizeof(ntop), strport, sizeof(strport),
1817 NI_NUMERICHOST|NI_NUMERICSERV);
1819 if (ai->ai_family == AF_INET && err != 0) {
1820 perror("getnameinfo");
1829 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1830 [Define if you have a getaddrinfo that fails
1831 for the all-zeros IPv6 address])
1835 AC_DEFINE(BROKEN_GETADDRINFO)
1838 AC_MSG_RESULT(cross-compiling, assuming no)
1843 if test "x$check_for_conflicting_getspnam" = "x1"; then
1844 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1848 int main(void) {exit(0);}
1855 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1856 [Conflicting defs for getspnam])
1863 # Search for OpenSSL
1864 saved_CPPFLAGS="$CPPFLAGS"
1865 saved_LDFLAGS="$LDFLAGS"
1866 AC_ARG_WITH(ssl-dir,
1867 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1869 if test "x$withval" != "xno" ; then
1872 ./*|../*) withval="`pwd`/$withval"
1874 if test -d "$withval/lib"; then
1875 if test -n "${need_dash_r}"; then
1876 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1878 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1881 if test -n "${need_dash_r}"; then
1882 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1884 LDFLAGS="-L${withval} ${LDFLAGS}"
1887 if test -d "$withval/include"; then
1888 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1890 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1895 LIBS="-lcrypto $LIBS"
1896 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1897 [Define if your ssl headers are included
1898 with #include <openssl/header.h>]),
1900 dnl Check default openssl install dir
1901 if test -n "${need_dash_r}"; then
1902 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1904 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1906 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1907 AC_CHECK_HEADER([openssl/opensslv.h], ,
1908 AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***]))
1909 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1911 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1917 # Determine OpenSSL header version
1918 AC_MSG_CHECKING([OpenSSL header version])
1923 #include <openssl/opensslv.h>
1924 #define DATA "conftest.sslincver"
1929 fd = fopen(DATA,"w");
1933 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1940 ssl_header_ver=`cat conftest.sslincver`
1941 AC_MSG_RESULT($ssl_header_ver)
1944 AC_MSG_RESULT(not found)
1945 AC_MSG_ERROR(OpenSSL version header not found.)
1948 AC_MSG_WARN([cross compiling: not checking])
1952 # Determine OpenSSL library version
1953 AC_MSG_CHECKING([OpenSSL library version])
1958 #include <openssl/opensslv.h>
1959 #include <openssl/crypto.h>
1960 #define DATA "conftest.ssllibver"
1965 fd = fopen(DATA,"w");
1969 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1976 ssl_library_ver=`cat conftest.ssllibver`
1977 AC_MSG_RESULT($ssl_library_ver)
1980 AC_MSG_RESULT(not found)
1981 AC_MSG_ERROR(OpenSSL library not found.)
1984 AC_MSG_WARN([cross compiling: not checking])
1988 AC_ARG_WITH(openssl-header-check,
1989 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1990 [ if test "x$withval" = "xno" ; then
1991 openssl_check_nonfatal=1
1996 # Sanity check OpenSSL headers
1997 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2001 #include <openssl/opensslv.h>
2002 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2009 if test "x$openssl_check_nonfatal" = "x"; then
2010 AC_MSG_ERROR([Your OpenSSL headers do not match your
2011 library. Check config.log for details.
2012 If you are sure your installation is consistent, you can disable the check
2013 by running "./configure --without-openssl-header-check".
2014 Also see contrib/findssl.sh for help identifying header/library mismatches.
2017 AC_MSG_WARN([Your OpenSSL headers do not match your
2018 library. Check config.log for details.
2019 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2023 AC_MSG_WARN([cross compiling: not checking])
2027 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2030 #include <openssl/evp.h>
2031 int main(void) { SSLeay_add_all_algorithms(); }
2040 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2043 #include <openssl/evp.h>
2044 int main(void) { SSLeay_add_all_algorithms(); }
2057 AC_ARG_WITH(ssl-engine,
2058 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2059 [ if test "x$withval" != "xno" ; then
2060 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2062 [ #include <openssl/engine.h>],
2064 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2066 [ AC_MSG_RESULT(yes)
2067 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2068 [Enable OpenSSL engine support])
2070 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2075 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2076 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2080 #include <openssl/evp.h>
2081 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2088 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2089 [libcrypto is missing AES 192 and 256 bit functions])
2093 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2097 #include <openssl/evp.h>
2098 int main(void) { if(EVP_DigestUpdate(NULL, NULL,0)) exit(0); }
2105 AC_DEFINE(OPENSSL_EVP_DIGESTUPDATE_VOID, 1,
2106 [Define if EVP_DigestUpdate returns void])
2110 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2111 # because the system crypt() is more featureful.
2112 if test "x$check_for_libcrypt_before" = "x1"; then
2113 AC_CHECK_LIB(crypt, crypt)
2116 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2117 # version in OpenSSL.
2118 if test "x$check_for_libcrypt_later" = "x1"; then
2119 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2122 # Search for SHA256 support in libc and/or OpenSSL
2123 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2126 AC_CHECK_LIB(iaf, ia_openinfo, [
2128 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2129 AC_DEFINE(HAVE_LIBIAF, 1,
2130 [Define if system has libiaf that supports set_id])
2135 ### Configure cryptographic random number support
2137 # Check wheter OpenSSL seeds itself
2138 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2142 #include <openssl/rand.h>
2143 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2146 OPENSSL_SEEDS_ITSELF=yes
2151 # Default to use of the rand helper if OpenSSL doesn't
2156 AC_MSG_WARN([cross compiling: assuming yes])
2157 # This is safe, since all recent OpenSSL versions will
2158 # complain at runtime if not seeded correctly.
2159 OPENSSL_SEEDS_ITSELF=yes
2163 # Check for PAM libs
2166 [ --with-pam Enable PAM support ],
2168 if test "x$withval" != "xno" ; then
2169 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2170 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2171 AC_MSG_ERROR([PAM headers not found])
2175 AC_CHECK_LIB(dl, dlopen, , )
2176 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2177 AC_CHECK_FUNCS(pam_getenvlist)
2178 AC_CHECK_FUNCS(pam_putenv)
2183 SSHDLIBS="$SSHDLIBS -lpam"
2184 AC_DEFINE(USE_PAM, 1,
2185 [Define if you want to enable PAM support])
2187 if test $ac_cv_lib_dl_dlopen = yes; then
2190 # libdl already in LIBS
2193 SSHDLIBS="$SSHDLIBS -ldl"
2201 # Check for older PAM
2202 if test "x$PAM_MSG" = "xyes" ; then
2203 # Check PAM strerror arguments (old PAM)
2204 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2208 #if defined(HAVE_SECURITY_PAM_APPL_H)
2209 #include <security/pam_appl.h>
2210 #elif defined (HAVE_PAM_PAM_APPL_H)
2211 #include <pam/pam_appl.h>
2214 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2215 [AC_MSG_RESULT(no)],
2217 AC_DEFINE(HAVE_OLD_PAM, 1,
2218 [Define if you have an old version of PAM
2219 which takes only one argument to pam_strerror])
2221 PAM_MSG="yes (old library)"
2226 # Do we want to force the use of the rand helper?
2227 AC_ARG_WITH(rand-helper,
2228 [ --with-rand-helper Use subprocess to gather strong randomness ],
2230 if test "x$withval" = "xno" ; then
2231 # Force use of OpenSSL's internal RNG, even if
2232 # the previous test showed it to be unseeded.
2233 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2234 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2235 OPENSSL_SEEDS_ITSELF=yes
2244 # Which randomness source do we use?
2245 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2247 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2248 [Define if you want OpenSSL's internally seeded PRNG only])
2249 RAND_MSG="OpenSSL internal ONLY"
2250 INSTALL_SSH_RAND_HELPER=""
2251 elif test ! -z "$USE_RAND_HELPER" ; then
2252 # install rand helper
2253 RAND_MSG="ssh-rand-helper"
2254 INSTALL_SSH_RAND_HELPER="yes"
2256 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2258 ### Configuration of ssh-rand-helper
2261 AC_ARG_WITH(prngd-port,
2262 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2271 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2274 if test ! -z "$withval" ; then
2275 PRNGD_PORT="$withval"
2276 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2277 [Port number of PRNGD/EGD random number socket])
2282 # PRNGD Unix domain socket
2283 AC_ARG_WITH(prngd-socket,
2284 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2288 withval="/var/run/egd-pool"
2296 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2300 if test ! -z "$withval" ; then
2301 if test ! -z "$PRNGD_PORT" ; then
2302 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2304 if test ! -r "$withval" ; then
2305 AC_MSG_WARN(Entropy socket is not readable)
2307 PRNGD_SOCKET="$withval"
2308 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2309 [Location of PRNGD/EGD random number socket])
2313 # Check for existing socket only if we don't have a random device already
2314 if test "$USE_RAND_HELPER" = yes ; then
2315 AC_MSG_CHECKING(for PRNGD/EGD socket)
2316 # Insert other locations here
2317 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2318 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2319 PRNGD_SOCKET="$sock"
2320 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2324 if test ! -z "$PRNGD_SOCKET" ; then
2325 AC_MSG_RESULT($PRNGD_SOCKET)
2327 AC_MSG_RESULT(not found)
2333 # Change default command timeout for hashing entropy source
2335 AC_ARG_WITH(entropy-timeout,
2336 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2338 if test -n "$withval" && test "x$withval" != "xno" && \
2339 test "x${withval}" != "xyes"; then
2340 entropy_timeout=$withval
2344 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2345 [Builtin PRNG command timeout])
2347 SSH_PRIVSEP_USER=sshd
2348 AC_ARG_WITH(privsep-user,
2349 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2351 if test -n "$withval" && test "x$withval" != "xno" && \
2352 test "x${withval}" != "xyes"; then
2353 SSH_PRIVSEP_USER=$withval
2357 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2358 [non-privileged user for privilege separation])
2359 AC_SUBST(SSH_PRIVSEP_USER)
2361 # We do this little dance with the search path to insure
2362 # that programs that we select for use by installed programs
2363 # (which may be run by the super-user) come from trusted
2364 # locations before they come from the user's private area.
2365 # This should help avoid accidentally configuring some
2366 # random version of a program in someone's personal bin.
2370 test -h /bin 2> /dev/null && PATH=/usr/bin
2371 test -d /sbin && PATH=$PATH:/sbin
2372 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2373 PATH=$PATH:/etc:$OPATH
2375 # These programs are used by the command hashing source to gather entropy
2376 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2377 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2378 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2379 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2380 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2381 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2382 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2383 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2384 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2385 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2386 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2387 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2388 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2389 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2390 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2391 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2395 # Where does ssh-rand-helper get its randomness from?
2396 INSTALL_SSH_PRNG_CMDS=""
2397 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2398 if test ! -z "$PRNGD_PORT" ; then
2399 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2400 elif test ! -z "$PRNGD_SOCKET" ; then
2401 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2403 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2404 RAND_HELPER_CMDHASH=yes
2405 INSTALL_SSH_PRNG_CMDS="yes"
2408 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2411 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2412 if test ! -z "$SONY" ; then
2413 LIBS="$LIBS -liberty";
2416 # Check for long long datatypes
2417 AC_CHECK_TYPES([long long, unsigned long long, long double])
2419 # Check datatype sizes
2420 AC_CHECK_SIZEOF(char, 1)
2421 AC_CHECK_SIZEOF(short int, 2)
2422 AC_CHECK_SIZEOF(int, 4)
2423 AC_CHECK_SIZEOF(long int, 4)
2424 AC_CHECK_SIZEOF(long long int, 8)
2426 # Sanity check long long for some platforms (AIX)
2427 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2428 ac_cv_sizeof_long_long_int=0
2431 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2432 if test -z "$have_llong_max"; then
2433 AC_MSG_CHECKING([for max value of long long])
2437 /* Why is this so damn hard? */
2441 #define __USE_ISOC99
2443 #define DATA "conftest.llminmax"
2444 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2447 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2448 * we do this the hard way.
2451 fprint_ll(FILE *f, long long n)
2454 int l[sizeof(long long) * 8];
2457 if (fprintf(f, "-") < 0)
2459 for (i = 0; n != 0; i++) {
2460 l[i] = my_abs(n % 10);
2464 if (fprintf(f, "%d", l[--i]) < 0)
2467 if (fprintf(f, " ") < 0)
2474 long long i, llmin, llmax = 0;
2476 if((f = fopen(DATA,"w")) == NULL)
2479 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2480 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2484 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2485 /* This will work on one's complement and two's complement */
2486 for (i = 1; i > llmax; i <<= 1, i++)
2488 llmin = llmax + 1LL; /* wrap */
2492 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2493 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2494 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2495 fprintf(f, "unknown unknown\n");
2499 if (fprint_ll(f, llmin) < 0)
2501 if (fprint_ll(f, llmax) < 0)
2509 llong_min=`$AWK '{print $1}' conftest.llminmax`
2510 llong_max=`$AWK '{print $2}' conftest.llminmax`
2512 AC_MSG_RESULT($llong_max)
2513 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2514 [max value of long long calculated by configure])
2515 AC_MSG_CHECKING([for min value of long long])
2516 AC_MSG_RESULT($llong_min)
2517 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2518 [min value of long long calculated by configure])
2521 AC_MSG_RESULT(not found)
2524 AC_MSG_WARN([cross compiling: not checking])
2530 # More checks for data types
2531 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2533 [ #include <sys/types.h> ],
2535 [ ac_cv_have_u_int="yes" ],
2536 [ ac_cv_have_u_int="no" ]
2539 if test "x$ac_cv_have_u_int" = "xyes" ; then
2540 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2544 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2546 [ #include <sys/types.h> ],
2547 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2548 [ ac_cv_have_intxx_t="yes" ],
2549 [ ac_cv_have_intxx_t="no" ]
2552 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2553 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2557 if (test -z "$have_intxx_t" && \
2558 test "x$ac_cv_header_stdint_h" = "xyes")
2560 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2562 [ #include <stdint.h> ],
2563 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2565 AC_DEFINE(HAVE_INTXX_T)
2568 [ AC_MSG_RESULT(no) ]
2572 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2575 #include <sys/types.h>
2576 #ifdef HAVE_STDINT_H
2577 # include <stdint.h>
2579 #include <sys/socket.h>
2580 #ifdef HAVE_SYS_BITYPES_H
2581 # include <sys/bitypes.h>
2584 [ int64_t a; a = 1;],
2585 [ ac_cv_have_int64_t="yes" ],
2586 [ ac_cv_have_int64_t="no" ]
2589 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2590 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2593 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2595 [ #include <sys/types.h> ],
2596 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2597 [ ac_cv_have_u_intxx_t="yes" ],
2598 [ ac_cv_have_u_intxx_t="no" ]
2601 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2602 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2606 if test -z "$have_u_intxx_t" ; then
2607 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2609 [ #include <sys/socket.h> ],
2610 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2612 AC_DEFINE(HAVE_U_INTXX_T)
2615 [ AC_MSG_RESULT(no) ]
2619 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2621 [ #include <sys/types.h> ],
2622 [ u_int64_t a; a = 1;],
2623 [ ac_cv_have_u_int64_t="yes" ],
2624 [ ac_cv_have_u_int64_t="no" ]
2627 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2628 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2632 if test -z "$have_u_int64_t" ; then
2633 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2635 [ #include <sys/bitypes.h> ],
2636 [ u_int64_t a; a = 1],
2638 AC_DEFINE(HAVE_U_INT64_T)
2641 [ AC_MSG_RESULT(no) ]
2645 if test -z "$have_u_intxx_t" ; then
2646 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2649 #include <sys/types.h>
2651 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2652 [ ac_cv_have_uintxx_t="yes" ],
2653 [ ac_cv_have_uintxx_t="no" ]
2656 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2657 AC_DEFINE(HAVE_UINTXX_T, 1,
2658 [define if you have uintxx_t data type])
2662 if test -z "$have_uintxx_t" ; then
2663 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2665 [ #include <stdint.h> ],
2666 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2668 AC_DEFINE(HAVE_UINTXX_T)
2671 [ AC_MSG_RESULT(no) ]
2675 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2676 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2678 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2681 #include <sys/bitypes.h>
2684 int8_t a; int16_t b; int32_t c;
2685 u_int8_t e; u_int16_t f; u_int32_t g;
2686 a = b = c = e = f = g = 1;
2689 AC_DEFINE(HAVE_U_INTXX_T)
2690 AC_DEFINE(HAVE_INTXX_T)
2698 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2701 #include <sys/types.h>
2703 [ u_char foo; foo = 125; ],
2704 [ ac_cv_have_u_char="yes" ],
2705 [ ac_cv_have_u_char="no" ]
2708 if test "x$ac_cv_have_u_char" = "xyes" ; then
2709 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2714 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2715 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
2716 #include <sys/types.h>
2717 #ifdef HAVE_SYS_BITYPES_H
2718 #include <sys/bitypes.h>
2720 #ifdef HAVE_SYS_STATFS_H
2721 #include <sys/statfs.h>
2723 #ifdef HAVE_SYS_STATVFS_H
2724 #include <sys/statvfs.h>
2728 AC_CHECK_TYPES([in_addr_t, in_port_t],,,
2729 [#include <sys/types.h>
2730 #include <netinet/in.h>])
2732 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2735 #include <sys/types.h>
2737 [ size_t foo; foo = 1235; ],
2738 [ ac_cv_have_size_t="yes" ],
2739 [ ac_cv_have_size_t="no" ]
2742 if test "x$ac_cv_have_size_t" = "xyes" ; then
2743 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2746 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2749 #include <sys/types.h>
2751 [ ssize_t foo; foo = 1235; ],
2752 [ ac_cv_have_ssize_t="yes" ],
2753 [ ac_cv_have_ssize_t="no" ]
2756 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2757 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2760 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2765 [ clock_t foo; foo = 1235; ],
2766 [ ac_cv_have_clock_t="yes" ],
2767 [ ac_cv_have_clock_t="no" ]
2770 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2771 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2774 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2777 #include <sys/types.h>
2778 #include <sys/socket.h>
2780 [ sa_family_t foo; foo = 1235; ],
2781 [ ac_cv_have_sa_family_t="yes" ],
2784 #include <sys/types.h>
2785 #include <sys/socket.h>
2786 #include <netinet/in.h>
2788 [ sa_family_t foo; foo = 1235; ],
2789 [ ac_cv_have_sa_family_t="yes" ],
2791 [ ac_cv_have_sa_family_t="no" ]
2795 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2796 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2797 [define if you have sa_family_t data type])
2800 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2803 #include <sys/types.h>
2805 [ pid_t foo; foo = 1235; ],
2806 [ ac_cv_have_pid_t="yes" ],
2807 [ ac_cv_have_pid_t="no" ]
2810 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2811 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2814 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2817 #include <sys/types.h>
2819 [ mode_t foo; foo = 1235; ],
2820 [ ac_cv_have_mode_t="yes" ],
2821 [ ac_cv_have_mode_t="no" ]
2824 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2825 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2829 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2832 #include <sys/types.h>
2833 #include <sys/socket.h>
2835 [ struct sockaddr_storage s; ],
2836 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2837 [ ac_cv_have_struct_sockaddr_storage="no" ]
2840 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2841 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2842 [define if you have struct sockaddr_storage data type])
2845 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2848 #include <sys/types.h>
2849 #include <netinet/in.h>
2851 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2852 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2853 [ ac_cv_have_struct_sockaddr_in6="no" ]
2856 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2857 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2858 [define if you have struct sockaddr_in6 data type])
2861 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2864 #include <sys/types.h>
2865 #include <netinet/in.h>
2867 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2868 [ ac_cv_have_struct_in6_addr="yes" ],
2869 [ ac_cv_have_struct_in6_addr="no" ]
2872 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2873 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2874 [define if you have struct in6_addr data type])
2876 dnl Now check for sin6_scope_id
2877 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id],,,
2879 #ifdef HAVE_SYS_TYPES_H
2880 #include <sys/types.h>
2882 #include <netinet/in.h>
2886 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2889 #include <sys/types.h>
2890 #include <sys/socket.h>
2893 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2894 [ ac_cv_have_struct_addrinfo="yes" ],
2895 [ ac_cv_have_struct_addrinfo="no" ]
2898 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2899 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2900 [define if you have struct addrinfo data type])
2903 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2905 [ #include <sys/time.h> ],
2906 [ struct timeval tv; tv.tv_sec = 1;],
2907 [ ac_cv_have_struct_timeval="yes" ],
2908 [ ac_cv_have_struct_timeval="no" ]
2911 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2912 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2913 have_struct_timeval=1
2916 AC_CHECK_TYPES(struct timespec)
2918 # We need int64_t or else certian parts of the compile will fail.
2919 if test "x$ac_cv_have_int64_t" = "xno" && \
2920 test "x$ac_cv_sizeof_long_int" != "x8" && \
2921 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2922 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2923 echo "an alternative compiler (I.E., GCC) before continuing."
2927 dnl test snprintf (broken on SCO w/gcc)
2932 #ifdef HAVE_SNPRINTF
2936 char expected_out[50];
2938 #if (SIZEOF_LONG_INT == 8)
2939 long int num = 0x7fffffffffffffff;
2941 long long num = 0x7fffffffffffffffll;
2943 strcpy(expected_out, "9223372036854775807");
2944 snprintf(buf, mazsize, "%lld", num);
2945 if(strcmp(buf, expected_out) != 0)
2952 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2953 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2957 dnl Checks for structure members
2958 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2959 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2960 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2961 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2962 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2963 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2964 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2965 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2966 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2967 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2968 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2969 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2970 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2971 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2972 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2973 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2974 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2976 AC_CHECK_MEMBERS([struct stat.st_blksize])
2977 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2978 [Define if we don't have struct __res_state in resolv.h])],
2981 #if HAVE_SYS_TYPES_H
2982 # include <sys/types.h>
2984 #include <netinet/in.h>
2985 #include <arpa/nameser.h>
2989 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2990 ac_cv_have_ss_family_in_struct_ss, [
2993 #include <sys/types.h>
2994 #include <sys/socket.h>
2996 [ struct sockaddr_storage s; s.ss_family = 1; ],
2997 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2998 [ ac_cv_have_ss_family_in_struct_ss="no" ],
3001 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3002 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3005 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3006 ac_cv_have___ss_family_in_struct_ss, [
3009 #include <sys/types.h>
3010 #include <sys/socket.h>
3012 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3013 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3014 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3017 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3018 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3019 [Fields in struct sockaddr_storage])
3022 AC_CACHE_CHECK([for pw_class field in struct passwd],
3023 ac_cv_have_pw_class_in_struct_passwd, [
3028 [ struct passwd p; p.pw_class = 0; ],
3029 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3030 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3033 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3034 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3035 [Define if your password has a pw_class field])
3038 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3039 ac_cv_have_pw_expire_in_struct_passwd, [
3044 [ struct passwd p; p.pw_expire = 0; ],
3045 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3046 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3049 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3050 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3051 [Define if your password has a pw_expire field])
3054 AC_CACHE_CHECK([for pw_change field in struct passwd],
3055 ac_cv_have_pw_change_in_struct_passwd, [
3060 [ struct passwd p; p.pw_change = 0; ],
3061 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3062 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3065 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3066 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3067 [Define if your password has a pw_change field])
3070 dnl make sure we're using the real structure members and not defines
3071 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3072 ac_cv_have_accrights_in_msghdr, [
3075 #include <sys/types.h>
3076 #include <sys/socket.h>
3077 #include <sys/uio.h>
3079 #ifdef msg_accrights
3080 #error "msg_accrights is a macro"
3084 m.msg_accrights = 0;
3088 [ ac_cv_have_accrights_in_msghdr="yes" ],
3089 [ ac_cv_have_accrights_in_msghdr="no" ]
3092 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3093 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3094 [Define if your system uses access rights style
3095 file descriptor passing])
3098 AC_MSG_CHECKING(if struct statvfs.f_fsid is integral type)
3100 #include <sys/types.h>
3101 #include <sys/stat.h>
3102 #ifdef HAVE_SYS_TIME_H
3103 # include <sys/time.h>
3105 #ifdef HAVE_SYS_MOUNT_H
3106 #include <sys/mount.h>
3108 #ifdef HAVE_SYS_STATVFS_H
3109 #include <sys/statvfs.h>
3111 ], [struct statvfs s; s.f_fsid = 0;],
3112 [ AC_MSG_RESULT(yes) ],
3115 AC_MSG_CHECKING(if fsid_t has member val)
3117 #include <sys/types.h>
3118 #include <sys/statvfs.h>],
3119 [fsid_t t; t.val[0] = 0;],
3120 [ AC_MSG_RESULT(yes)
3121 AC_DEFINE(FSID_HAS_VAL, 1, fsid_t has member val) ],
3122 [ AC_MSG_RESULT(no) ])
3124 AC_MSG_CHECKING(if f_fsid has member __val)
3126 #include <sys/types.h>
3127 #include <sys/statvfs.h>],
3128 [fsid_t t; t.__val[0] = 0;],
3129 [ AC_MSG_RESULT(yes)
3130 AC_DEFINE(FSID_HAS___VAL, 1, fsid_t has member __val) ],
3131 [ AC_MSG_RESULT(no) ])
3134 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3135 ac_cv_have_control_in_msghdr, [
3138 #include <sys/types.h>
3139 #include <sys/socket.h>
3140 #include <sys/uio.h>
3143 #error "msg_control is a macro"
3151 [ ac_cv_have_control_in_msghdr="yes" ],
3152 [ ac_cv_have_control_in_msghdr="no" ]
3155 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3156 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3157 [Define if your system uses ancillary data style
3158 file descriptor passing])
3161 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3163 [ extern char *__progname; printf("%s", __progname); ],
3164 [ ac_cv_libc_defines___progname="yes" ],
3165 [ ac_cv_libc_defines___progname="no" ]
3168 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3169 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3172 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3176 [ printf("%s", __FUNCTION__); ],
3177 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3178 [ ac_cv_cc_implements___FUNCTION__="no" ]
3181 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3182 AC_DEFINE(HAVE___FUNCTION__, 1,
3183 [Define if compiler implements __FUNCTION__])
3186 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3190 [ printf("%s", __func__); ],
3191 [ ac_cv_cc_implements___func__="yes" ],
3192 [ ac_cv_cc_implements___func__="no" ]
3195 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3196 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3199 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3201 [#include <stdarg.h>
3204 [ ac_cv_have_va_copy="yes" ],
3205 [ ac_cv_have_va_copy="no" ]
3208 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3209 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3212 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3214 [#include <stdarg.h>
3217 [ ac_cv_have___va_copy="yes" ],
3218 [ ac_cv_have___va_copy="no" ]
3221 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3222 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3225 AC_CACHE_CHECK([whether getopt has optreset support],
3226 ac_cv_have_getopt_optreset, [
3231 [ extern int optreset; optreset = 0; ],
3232 [ ac_cv_have_getopt_optreset="yes" ],
3233 [ ac_cv_have_getopt_optreset="no" ]
3236 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3237 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3238 [Define if your getopt(3) defines and uses optreset])
3241 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3243 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3244 [ ac_cv_libc_defines_sys_errlist="yes" ],
3245 [ ac_cv_libc_defines_sys_errlist="no" ]
3248 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3249 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3250 [Define if your system defines sys_errlist[]])
3254 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3256 [ extern int sys_nerr; printf("%i", sys_nerr);],
3257 [ ac_cv_libc_defines_sys_nerr="yes" ],
3258 [ ac_cv_libc_defines_sys_nerr="no" ]
3261 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3262 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3266 # Check whether user wants sectok support
3268 [ --with-sectok Enable smartcard support using libsectok],
3270 if test "x$withval" != "xno" ; then
3271 if test "x$withval" != "xyes" ; then
3272 CPPFLAGS="$CPPFLAGS -I${withval}"
3273 LDFLAGS="$LDFLAGS -L${withval}"
3274 if test ! -z "$need_dash_r" ; then
3275 LDFLAGS="$LDFLAGS -R${withval}"
3277 if test ! -z "$blibpath" ; then
3278 blibpath="$blibpath:${withval}"
3281 AC_CHECK_HEADERS(sectok.h)
3282 if test "$ac_cv_header_sectok_h" != yes; then
3283 AC_MSG_ERROR(Can't find sectok.h)
3285 AC_CHECK_LIB(sectok, sectok_open)
3286 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3287 AC_MSG_ERROR(Can't find libsectok)
3289 AC_DEFINE(SMARTCARD, 1,
3290 [Define if you want smartcard support])
3291 AC_DEFINE(USE_SECTOK, 1,
3292 [Define if you want smartcard support
3294 SCARD_MSG="yes, using sectok"
3299 # Check whether user wants OpenSC support
3302 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3304 if test "x$withval" != "xno" ; then
3305 AC_PATH_PROG(PKGCONFIG, pkg-config, no)
3306 AC_MSG_CHECKING(how to get opensc config)
3307 if test "x$withval" != "xyes" -a "x$PKGCONFIG" = "xno"; then
3308 OPENSC_CONFIG="$withval/bin/opensc-config"
3309 elif test -f "$withval/src/libopensc/libopensc.pc"; then
3310 OPENSC_CONFIG="$PKGCONFIG $withval/src/libopensc/libopensc.pc"
3311 elif test "x$PKGCONFIG" != "xno"; then
3312 OPENSC_CONFIG="$PKGCONFIG libopensc"
3314 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3316 AC_MSG_RESULT($OPENSC_CONFIG)
3317 if test "$OPENSC_CONFIG" != "no"; then
3318 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3319 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3320 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3321 LIBS="$LIBS $LIBOPENSC_LIBS"
3322 AC_DEFINE(SMARTCARD)
3323 AC_DEFINE(USE_OPENSC, 1,
3324 [Define if you want smartcard support
3326 SCARD_MSG="yes, using OpenSC"
3332 # Check libraries needed by DNS fingerprint support
3333 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3334 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3335 [Define if getrrsetbyname() exists])],
3337 # Needed by our getrrsetbyname()
3338 AC_SEARCH_LIBS(res_query, resolv)
3339 AC_SEARCH_LIBS(dn_expand, resolv)
3340 AC_MSG_CHECKING(if res_query will link)
3342 #include "confdefs.h"
3343 #include <sys/types.h>
3344 #include <netinet/in.h>
3345 #include <arpa/nameser.h>
3350 res_query (0, 0, 0, 0, 0);
3357 LIBS="$LIBS -lresolv"
3358 AC_MSG_CHECKING(for res_query in -lresolv)
3360 #include "confdefs.h"
3361 #include <sys/types.h>
3362 #include <netinet/in.h>
3363 #include <arpa/nameser.h>
3368 res_query (0, 0, 0, 0, 0);
3372 [AC_MSG_RESULT(yes)],
3376 AC_CHECK_FUNCS(_getshort _getlong)
3377 AC_CHECK_DECLS([_getshort, _getlong], , ,
3378 [#include <sys/types.h>
3379 #include <arpa/nameser.h>])
3380 AC_CHECK_MEMBER(HEADER.ad,
3381 [AC_DEFINE(HAVE_HEADER_AD, 1,
3382 [Define if HEADER.ad exists in arpa/nameser.h])],,
3383 [#include <arpa/nameser.h>])
3386 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3389 #if HAVE_SYS_TYPES_H
3390 # include <sys/types.h>
3392 #include <netinet/in.h>
3393 #include <arpa/nameser.h>
3395 extern struct __res_state _res;
3396 int main() { return 0; }
3399 AC_DEFINE(HAVE__RES_EXTERN, 1,
3400 [Define if you have struct __res_state _res as an extern])
3402 [ AC_MSG_RESULT(no) ]
3405 # Check whether user wants SELinux support
3408 AC_ARG_WITH(selinux,
3409 [ --with-selinux Enable SELinux support],
3410 [ if test "x$withval" != "xno" ; then
3412 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3414 AC_CHECK_HEADER([selinux/selinux.h], ,
3415 AC_MSG_ERROR(SELinux support requires selinux.h header))
3416 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3417 AC_MSG_ERROR(SELinux support requires libselinux library))
3418 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3419 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3424 # Check whether user wants Kerberos 5 support
3426 AC_ARG_WITH(kerberos5,
3427 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3428 [ if test "x$withval" != "xno" ; then
3429 if test "x$withval" = "xyes" ; then
3430 KRB5ROOT="/usr/local"
3435 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3438 AC_PATH_PROG([KRB5CONF],[krb5-config],
3439 [$KRB5ROOT/bin/krb5-config],
3440 [$KRB5ROOT/bin:$PATH])
3441 if test -x $KRB5CONF ; then
3443 AC_MSG_CHECKING(for gssapi support)
3444 if $KRB5CONF | grep gssapi >/dev/null ; then
3446 AC_DEFINE(GSSAPI, 1,
3447 [Define this if you want GSSAPI
3448 support in the version 2 protocol])
3454 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3455 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3456 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3457 AC_MSG_CHECKING(whether we are using Heimdal)
3458 AC_TRY_COMPILE([ #include <krb5.h> ],
3459 [ char *tmp = heimdal_version; ],
3460 [ AC_MSG_RESULT(yes)
3461 AC_DEFINE(HEIMDAL, 1,
3462 [Define this if you are using the
3463 Heimdal version of Kerberos V5]) ],
3467 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3468 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3469 AC_MSG_CHECKING(whether we are using Heimdal)
3470 AC_TRY_COMPILE([ #include <krb5.h> ],
3471 [ char *tmp = heimdal_version; ],
3472 [ AC_MSG_RESULT(yes)
3474 K5LIBS="-lkrb5 -ldes"
3475 K5LIBS="$K5LIBS -lcom_err -lasn1"
3476 AC_CHECK_LIB(roken, net_write,
3477 [K5LIBS="$K5LIBS -lroken"])
3480 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3483 AC_SEARCH_LIBS(dn_expand, resolv)
3485 AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
3487 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3488 [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
3490 K5LIBS="-lgssapi $K5LIBS" ],
3491 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3496 AC_CHECK_HEADER(gssapi.h, ,
3497 [ unset ac_cv_header_gssapi_h
3498 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3499 AC_CHECK_HEADERS(gssapi.h, ,
3500 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3506 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3507 AC_CHECK_HEADER(gssapi_krb5.h, ,
3508 [ CPPFLAGS="$oldCPP" ])
3511 if test ! -z "$need_dash_r" ; then
3512 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3514 if test ! -z "$blibpath" ; then
3515 blibpath="$blibpath:${KRB5ROOT}/lib"
3518 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3519 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3520 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3522 LIBS="$LIBS $K5LIBS"
3523 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3524 [Define this if you want to use libkafs' AFS support]))
3529 # Looking for programs, paths and files
3531 PRIVSEP_PATH=/var/empty
3532 AC_ARG_WITH(privsep-path,
3533 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3535 if test -n "$withval" && test "x$withval" != "xno" && \
3536 test "x${withval}" != "xyes"; then
3537 PRIVSEP_PATH=$withval
3541 AC_SUBST(PRIVSEP_PATH)
3544 [ --with-xauth=PATH Specify path to xauth program ],
3546 if test -n "$withval" && test "x$withval" != "xno" && \
3547 test "x${withval}" != "xyes"; then
3553 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3554 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3555 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3556 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3557 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3558 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3559 xauth_path="/usr/openwin/bin/xauth"
3565 AC_ARG_ENABLE(strip,
3566 [ --disable-strip Disable calling strip(1) on install],
3568 if test "x$enableval" = "xno" ; then
3575 if test -z "$xauth_path" ; then
3576 XAUTH_PATH="undefined"
3577 AC_SUBST(XAUTH_PATH)
3579 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3580 [Define if xauth is found in your path])
3581 XAUTH_PATH=$xauth_path
3582 AC_SUBST(XAUTH_PATH)
3585 # Check for mail directory (last resort if we cannot get it from headers)
3586 if test ! -z "$MAIL" ; then
3587 maildir=`dirname $MAIL`
3588 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3589 [Set this to your mail directory if you don't have maillock.h])
3592 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3593 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3594 disable_ptmx_check=yes
3596 if test -z "$no_dev_ptmx" ; then
3597 if test "x$disable_ptmx_check" != "xyes" ; then
3598 AC_CHECK_FILE("/dev/ptmx",
3600 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3601 [Define if you have /dev/ptmx])
3608 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3609 AC_CHECK_FILE("/dev/ptc",
3611 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3612 [Define if you have /dev/ptc])
3617 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3620 # Options from here on. Some of these are preset by platform above
3621 AC_ARG_WITH(mantype,
3622 [ --with-mantype=man|cat|doc Set man page type],
3629 AC_MSG_ERROR(invalid man type: $withval)
3634 if test -z "$MANTYPE"; then
3635 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3636 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3637 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3639 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3646 if test "$MANTYPE" = "doc"; then
3653 # Check whether to enable MD5 passwords
3655 AC_ARG_WITH(md5-passwords,
3656 [ --with-md5-passwords Enable use of MD5 passwords],
3658 if test "x$withval" != "xno" ; then
3659 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3660 [Define if you want to allow MD5 passwords])
3666 # Whether to disable shadow password support
3668 [ --without-shadow Disable shadow password support],
3670 if test "x$withval" = "xno" ; then
3671 AC_DEFINE(DISABLE_SHADOW)
3677 if test -z "$disable_shadow" ; then
3678 AC_MSG_CHECKING([if the systems has expire shadow information])
3681 #include <sys/types.h>
3684 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3685 [ sp_expire_available=yes ], []
3688 if test "x$sp_expire_available" = "xyes" ; then
3690 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3691 [Define if you want to use shadow password expire field])
3697 # Use ip address instead of hostname in $DISPLAY
3698 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3699 DISPLAY_HACK_MSG="yes"
3700 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3701 [Define if you need to use IP address
3702 instead of hostname in $DISPLAY])
3704 DISPLAY_HACK_MSG="no"
3705 AC_ARG_WITH(ipaddr-display,
3706 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3708 if test "x$withval" != "xno" ; then
3709 AC_DEFINE(IPADDR_IN_DISPLAY)
3710 DISPLAY_HACK_MSG="yes"
3716 # check for /etc/default/login and use it if present.
3717 AC_ARG_ENABLE(etc-default-login,
3718 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3719 [ if test "x$enableval" = "xno"; then
3720 AC_MSG_NOTICE([/etc/default/login handling disabled])
3721 etc_default_login=no
3723 etc_default_login=yes
3725 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3727 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3728 etc_default_login=no
3730 etc_default_login=yes
3734 if test "x$etc_default_login" != "xno"; then
3735 AC_CHECK_FILE("/etc/default/login",
3736 [ external_path_file=/etc/default/login ])
3737 if test "x$external_path_file" = "x/etc/default/login"; then
3738 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3739 [Define if your system has /etc/default/login])
3743 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3744 if test $ac_cv_func_login_getcapbool = "yes" && \
3745 test $ac_cv_header_login_cap_h = "yes" ; then
3746 external_path_file=/etc/login.conf
3749 # Whether to mess with the default path
3750 SERVER_PATH_MSG="(default)"
3751 AC_ARG_WITH(default-path,
3752 [ --with-default-path= Specify default \$PATH environment for server],
3754 if test "x$external_path_file" = "x/etc/login.conf" ; then
3756 --with-default-path=PATH has no effect on this system.
3757 Edit /etc/login.conf instead.])
3758 elif test "x$withval" != "xno" ; then
3759 if test ! -z "$external_path_file" ; then
3761 --with-default-path=PATH will only be used if PATH is not defined in
3762 $external_path_file .])
3764 user_path="$withval"
3765 SERVER_PATH_MSG="$withval"
3768 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3769 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3771 if test ! -z "$external_path_file" ; then
3773 If PATH is defined in $external_path_file, ensure the path to scp is included,
3774 otherwise scp will not work.])
3778 /* find out what STDPATH is */
3783 #ifndef _PATH_STDPATH
3784 # ifdef _PATH_USERPATH /* Irix */
3785 # define _PATH_STDPATH _PATH_USERPATH
3787 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3790 #include <sys/types.h>
3791 #include <sys/stat.h>
3793 #define DATA "conftest.stdpath"
3800 fd = fopen(DATA,"w");
3804 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3810 [ user_path=`cat conftest.stdpath` ],
3811 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3812 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3814 # make sure $bindir is in USER_PATH so scp will work
3815 t_bindir=`eval echo ${bindir}`
3817 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3820 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3822 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3823 if test $? -ne 0 ; then
3824 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3825 if test $? -ne 0 ; then
3826 user_path=$user_path:$t_bindir
3827 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3832 if test "x$external_path_file" != "x/etc/login.conf" ; then
3833 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3837 # Set superuser path separately to user path
3838 AC_ARG_WITH(superuser-path,
3839 [ --with-superuser-path= Specify different path for super-user],
3841 if test -n "$withval" && test "x$withval" != "xno" && \
3842 test "x${withval}" != "xyes"; then
3843 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3844 [Define if you want a different $PATH
3846 superuser_path=$withval
3852 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3853 IPV4_IN6_HACK_MSG="no"
3855 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3857 if test "x$withval" != "xno" ; then
3859 AC_DEFINE(IPV4_IN_IPV6, 1,
3860 [Detect IPv4 in IPv6 mapped addresses
3862 IPV4_IN6_HACK_MSG="yes"
3867 if test "x$inet6_default_4in6" = "xyes"; then
3868 AC_MSG_RESULT([yes (default)])
3869 AC_DEFINE(IPV4_IN_IPV6)
3870 IPV4_IN6_HACK_MSG="yes"
3872 AC_MSG_RESULT([no (default)])
3877 # Whether to enable BSD auth support
3879 AC_ARG_WITH(bsd-auth,
3880 [ --with-bsd-auth Enable BSD auth support],
3882 if test "x$withval" != "xno" ; then
3883 AC_DEFINE(BSD_AUTH, 1,
3884 [Define if you have BSD auth support])
3890 # Where to place sshd.pid
3892 # make sure the directory exists
3893 if test ! -d $piddir ; then
3894 piddir=`eval echo ${sysconfdir}`
3896 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3900 AC_ARG_WITH(pid-dir,
3901 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3903 if test -n "$withval" && test "x$withval" != "xno" && \
3904 test "x${withval}" != "xyes"; then
3906 if test ! -d $piddir ; then
3907 AC_MSG_WARN([** no $piddir directory on this system **])
3913 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3916 dnl allow user to disable some login recording features
3917 AC_ARG_ENABLE(lastlog,
3918 [ --disable-lastlog disable use of lastlog even if detected [no]],
3920 if test "x$enableval" = "xno" ; then
3921 AC_DEFINE(DISABLE_LASTLOG)
3926 [ --disable-utmp disable use of utmp even if detected [no]],
3928 if test "x$enableval" = "xno" ; then
3929 AC_DEFINE(DISABLE_UTMP)
3933 AC_ARG_ENABLE(utmpx,
3934 [ --disable-utmpx disable use of utmpx even if detected [no]],
3936 if test "x$enableval" = "xno" ; then
3937 AC_DEFINE(DISABLE_UTMPX, 1,
3938 [Define if you don't want to use utmpx])
3943 [ --disable-wtmp disable use of wtmp even if detected [no]],
3945 if test "x$enableval" = "xno" ; then
3946 AC_DEFINE(DISABLE_WTMP)
3950 AC_ARG_ENABLE(wtmpx,
3951 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3953 if test "x$enableval" = "xno" ; then
3954 AC_DEFINE(DISABLE_WTMPX, 1,
3955 [Define if you don't want to use wtmpx])
3959 AC_ARG_ENABLE(libutil,
3960 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3962 if test "x$enableval" = "xno" ; then
3963 AC_DEFINE(DISABLE_LOGIN)
3967 AC_ARG_ENABLE(pututline,
3968 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3970 if test "x$enableval" = "xno" ; then
3971 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3972 [Define if you don't want to use pututline()
3973 etc. to write [uw]tmp])
3977 AC_ARG_ENABLE(pututxline,
3978 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3980 if test "x$enableval" = "xno" ; then
3981 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3982 [Define if you don't want to use pututxline()
3983 etc. to write [uw]tmpx])
3987 AC_ARG_WITH(lastlog,
3988 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3990 if test "x$withval" = "xno" ; then
3991 AC_DEFINE(DISABLE_LASTLOG)
3992 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3993 conf_lastlog_location=$withval
3998 dnl lastlog, [uw]tmpx? detection
3999 dnl NOTE: set the paths in the platform section to avoid the
4000 dnl need for command-line parameters
4001 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4003 dnl lastlog detection
4004 dnl NOTE: the code itself will detect if lastlog is a directory
4005 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4007 #include <sys/types.h>
4009 #ifdef HAVE_LASTLOG_H
4010 # include <lastlog.h>
4019 [ char *lastlog = LASTLOG_FILE; ],
4020 [ AC_MSG_RESULT(yes) ],
4023 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4025 #include <sys/types.h>
4027 #ifdef HAVE_LASTLOG_H
4028 # include <lastlog.h>
4034 [ char *lastlog = _PATH_LASTLOG; ],
4035 [ AC_MSG_RESULT(yes) ],
4038 system_lastlog_path=no
4043 if test -z "$conf_lastlog_location"; then
4044 if test x"$system_lastlog_path" = x"no" ; then
4045 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4046 if (test -d "$f" || test -f "$f") ; then
4047 conf_lastlog_location=$f
4050 if test -z "$conf_lastlog_location"; then
4051 AC_MSG_WARN([** Cannot find lastlog **])
4052 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4057 if test -n "$conf_lastlog_location"; then
4058 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4059 [Define if you want to specify the path to your lastlog file])
4063 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4065 #include <sys/types.h>
4071 [ char *utmp = UTMP_FILE; ],
4072 [ AC_MSG_RESULT(yes) ],
4074 system_utmp_path=no ]
4076 if test -z "$conf_utmp_location"; then
4077 if test x"$system_utmp_path" = x"no" ; then
4078 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4079 if test -f $f ; then
4080 conf_utmp_location=$f
4083 if test -z "$conf_utmp_location"; then
4084 AC_DEFINE(DISABLE_UTMP)
4088 if test -n "$conf_utmp_location"; then
4089 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4090 [Define if you want to specify the path to your utmp file])
4094 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4096 #include <sys/types.h>
4102 [ char *wtmp = WTMP_FILE; ],
4103 [ AC_MSG_RESULT(yes) ],
4105 system_wtmp_path=no ]
4107 if test -z "$conf_wtmp_location"; then
4108 if test x"$system_wtmp_path" = x"no" ; then
4109 for f in /usr/adm/wtmp /var/log/wtmp; do
4110 if test -f $f ; then
4111 conf_wtmp_location=$f
4114 if test -z "$conf_wtmp_location"; then
4115 AC_DEFINE(DISABLE_WTMP)
4119 if test -n "$conf_wtmp_location"; then
4120 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4121 [Define if you want to specify the path to your wtmp file])
4125 dnl utmpx detection - I don't know any system so perverse as to require
4126 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4128 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4130 #include <sys/types.h>
4139 [ char *utmpx = UTMPX_FILE; ],
4140 [ AC_MSG_RESULT(yes) ],
4142 system_utmpx_path=no ]
4144 if test -z "$conf_utmpx_location"; then
4145 if test x"$system_utmpx_path" = x"no" ; then
4146 AC_DEFINE(DISABLE_UTMPX)
4149 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4150 [Define if you want to specify the path to your utmpx file])
4154 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4156 #include <sys/types.h>
4165 [ char *wtmpx = WTMPX_FILE; ],
4166 [ AC_MSG_RESULT(yes) ],
4168 system_wtmpx_path=no ]
4170 if test -z "$conf_wtmpx_location"; then
4171 if test x"$system_wtmpx_path" = x"no" ; then
4172 AC_DEFINE(DISABLE_WTMPX)
4175 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4176 [Define if you want to specify the path to your wtmpx file])
4180 if test ! -z "$blibpath" ; then
4181 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4182 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4185 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4187 CFLAGS="$CFLAGS $werror_flags"
4189 if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \
4190 test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4191 AC_SUBST(TEST_SSH_IPV6, no)
4193 AC_SUBST(TEST_SSH_IPV6, yes)
4197 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4198 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4199 scard/Makefile ssh_prng_cmds survey.sh])
4202 # Print summary of options
4204 # Someone please show me a better way :)
4205 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4206 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4207 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4208 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4209 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4210 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4211 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4212 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4213 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4214 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4217 echo "OpenSSH has been configured with the following options:"
4218 echo " User binaries: $B"
4219 echo " System binaries: $C"
4220 echo " Configuration files: $D"
4221 echo " Askpass program: $E"
4222 echo " Manual pages: $F"
4223 echo " PID file: $G"
4224 echo " Privilege separation chroot path: $H"
4225 if test "x$external_path_file" = "x/etc/login.conf" ; then
4226 echo " At runtime, sshd will use the path defined in $external_path_file"
4227 echo " Make sure the path to scp is present, otherwise scp will not work"
4229 echo " sshd default user PATH: $I"
4230 if test ! -z "$external_path_file"; then
4231 echo " (If PATH is set in $external_path_file it will be used instead. If"
4232 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4235 if test ! -z "$superuser_path" ; then
4236 echo " sshd superuser user PATH: $J"
4238 echo " Manpage format: $MANTYPE"
4239 echo " PAM support: $PAM_MSG"
4240 echo " OSF SIA support: $SIA_MSG"
4241 echo " KerberosV support: $KRB5_MSG"
4242 echo " SELinux support: $SELINUX_MSG"
4243 echo " Smartcard support: $SCARD_MSG"
4244 echo " S/KEY support: $SKEY_MSG"
4245 echo " TCP Wrappers support: $TCPW_MSG"
4246 echo " MD5 password support: $MD5_MSG"
4247 echo " libedit support: $LIBEDIT_MSG"
4248 echo " Solaris process contract support: $SPC_MSG"
4249 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4250 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4251 echo " BSD Auth support: $BSD_AUTH_MSG"
4252 echo " Random number source: $RAND_MSG"
4253 if test ! -z "$USE_RAND_HELPER" ; then
4254 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4259 echo " Host: ${host}"
4260 echo " Compiler: ${CC}"
4261 echo " Compiler flags: ${CFLAGS}"
4262 echo "Preprocessor flags: ${CPPFLAGS}"
4263 echo " Linker flags: ${LDFLAGS}"
4264 echo " Libraries: ${LIBS}"
4265 if test ! -z "${SSHDLIBS}"; then
4266 echo " +for sshd: ${SSHDLIBS}"
4271 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4272 echo "SVR4 style packages are supported with \"make package\""
4276 if test "x$PAM_MSG" = "xyes" ; then
4277 echo "PAM is enabled. You may need to install a PAM control file "
4278 echo "for sshd, otherwise password authentication may fail. "
4279 echo "Example PAM control files can be found in the contrib/ "
4284 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4285 echo "WARNING: you are using the builtin random number collection "
4286 echo "service. Please read WARNING.RNG and request that your OS "
4287 echo "vendor includes kernel-based random number collection in "
4288 echo "future versions of your OS."
4292 if test ! -z "$NO_PEERCHECK" ; then
4293 echo "WARNING: the operating system that you are using does not"
4294 echo "appear to support getpeereid(), getpeerucred() or the"
4295 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4296 echo "enforce security checks to prevent unauthorised connections to"
4297 echo "ssh-agent. Their absence increases the risk that a malicious"
4298 echo "user can connect to your agent."
4302 if test "$AUDIT_MODULE" = "bsm" ; then
4303 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4304 echo "See the Solaris section in README.platform for details."